Behavioral task
behavioral1
Sample
3020-6-0x0000000000400000-0x0000000000574000-memory.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3020-6-0x0000000000400000-0x0000000000574000-memory.exe
Resource
win10v2004-20240426-en
General
-
Target
3020-6-0x0000000000400000-0x0000000000574000-memory.dmp
-
Size
1.5MB
-
MD5
63dd350e2ad3d2d94a00ce4d459596e2
-
SHA1
b6372667995b2d2eec7a8a45c48031cdd528b3d7
-
SHA256
75dfe1989c0dd1c6e53d86290e1224466c866a4ee8ad37bec2c597e7f96b9f4a
-
SHA512
05e784b69706fccacc4ca911739f0afe8912d40cd9bd5b1bcc9cc8060bf001b2d26653ad3129d4626ae547fa5c08df0f3dd2147ab41598f357c05407f63617a3
-
SSDEEP
24576:Pm6bO3o+SKhnvBqbKzTNclgDWsUvIxTk9mNwT9UYyXD:rbOY+SKR3QPvd9mmT94
Malware Config
Extracted
risepro
193.233.132.62
Signatures
-
Risepro family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3020-6-0x0000000000400000-0x0000000000574000-memory.dmp
Files
-
3020-6-0x0000000000400000-0x0000000000574000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: - Virtual size: 1.3MB
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 94KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE